Abstract

The correctness of most randomized distributed algorithms is
expressed by a statement of the form "some predicate of the
executions holds with high probability, regardless of the order
in which actions are scheduled". In this paper, we present a
general methodology to prove correctness statements of such
randomized algorithms. Specifically, we show how to prove such
statements by a series of refinements, which terminate in a
statement independent of the schedule. To demonstrate the
subtlety of the issues involved in this type of analysis, we
focus on Rabin's randomized distributed algorithm for mutual
exclusion [6].

Surprisingly, it turns out that the algorithm does not maintain
one of the requirements of the problem under a certain schedule.
In particular, we give a schedule under which a set of processes
can suffer lockout for arbitrarily long periods.

1 Introduction 

1.1 General Considerations 

For many distributed system problems, it is possi- 
ble to produce randomized algorithms that are bet- 
ter than their deterministic counterparts: they may 
be more efficient, have simpler structure, and even 
achieve correctness properties that deterministic algorithms
cannot. One cost of using randomization is
the increased difficulty of proving correctness of the 
resulting algorithms. A randomized algorithm typi- 
cally involves two different types of nondeterminism 
- that arising from the random choices and that aris- 
ing from an adversary. The interaction between these 
two kinds of nondeterminism complicates the analysis 
of the algorithm. 

In the distributed system model considered here, 
each of a set of concurrent processes executes its lo- 
cal code and communicates with the others through 
a shared variable. The code can contain random 
choices, which leads to probabilistic branch points in 
the tree of executions. By assumption, the algorithm 
is provided at certain points of the execution with 
random inputs having known distributions. We can 
equivalently consider that all random choices made 
in a single execution are given by a parameter $\omega$ at
the onset of the execution. The parameter $\omega$ thus
captures the first type of nondeterminism. 

For the second type, we here define the adversary 
A to be the entity controlling the order in which pro- 
cesses take steps. (In other work (e.g., [4]), the adver- 
sary can control other decisions, such as the contents 
of some messages.) An adversary A bases its choices 
on the knowledge it holds about the prior execution 
of the system. This knowledge varies according to 
the specifications for each given problem. In this pa- 
per, we will consider an adversary allowed to observe 
only certain "external" manifestations of the execu- 
tion and having no access, for example, to informa- 
tion about local process states. We will say that an 
adversary is admissible to emphasize its specificity. 

These two sources of nondeterminism, $\omega$ and $A$,
uniquely define an execution $\mathcal{E} = \mathcal{E}(\omega, A)$
of the algorithm.

Among the correctness properties one often wishes to prove for
randomized algorithms are properties that state that a certain
property W of executions has a "high" probability of holding
against all admissible adversaries. Note that the probability
mentioned in this statement is taken with respect to a
probability distribution on executions. One of the major sources
of complication is that there are two probability spaces that
need to be considered: the space of random inputs $\omega$ and
the space of random executions. Let $dP$ denote the probability
measure given for the space of random inputs $\omega$.

Since the evolution of the system is determined both by the
(random) choices expressed by $\omega$ and also by the adversary
A, we do not have a single probability distribution on the space
of all executions. Rather, for each adversary A there is a
corresponding distribution $dP_A$ on the executions "compatible
with" A. High probability correctness properties of a randomized
algorithm C are then generally stated in terms of the
distributions $dP_A$, in the following form. Let W and I be sets
of executions of C and let $l$ be a real number in [0, 1]. Then C
is correct provided that $P_A[W \mid I] \ge l$ for every
admissible adversary A. For a condition expressed in this form,
we think of W as the set of "good" (or "winning") executions,
while I is a set that expresses the assumptions under which the
good behavior is supposed to hold.

In general, it is difficult to calculate (good bounds on)
probabilities of the form $P_A[W \mid I]$. This is because the
probability that the execution is in $W$, $I$ or $W \cap I$
depends on a combination of the choices in $\omega$ and those
made by the adversary. Although we assume a basic probability
distribution $P$ for $\omega$, the adversary's choices are
determined in a more complicated way - in terms of certain kinds
of knowledge of the prior execution. In particular, the
adversary's choices can depend on the outcomes of prior random
choices made by the processes.

The situation is much simpler in the special case where the
events W and I are defined directly in terms of the choices in
$\omega$. In this case, the desired probability can be calculated
just by using the assumed probability distribution $dP$.

Our general methodology for proving a high probability
correctness property of the form $P_A[W \mid I]$ consists of
proving successive lower bounds:

$$P_A[W \mid I] \ge P_A[W_1 \mid I_1] \ge \cdots \ge P_A[W_r \mid I_r],$$

where all the $W_i$ and $I_i$ are sets of executions, and where
the last two sets, $W_r$ and $I_r$, are defined directly in terms
of the choices in $\omega$. The final term, $P_A[W_r \mid I_r]$,
is then evaluated (or bounded from below) using the distribution
$dP$. This methodology can be difficult to implement as it
involves disentangling the ways in which the random choices made
by the processes affect the choices made by the adversary.



This paper is devoted to emphasizing the need of 
such a rigorous methodology in correctness proofs: 
in the context of randomized algorithms the power 
of the adversary is generally hard to analyze and im- 
precise arguments can easily lead to incorrect state- 
ments. 

As evidence supporting our point, we give an analysis of Rabin's
randomized distributed algorithm [6] implementing mutual
exclusion for n processes using a read-modify-write primitive on
a shared variable with $O(\log n)$ values. Rabin claimed that the
algorithm satisfies the following correctness property: for every
adversary, any process competing for entrance to the critical
section succeeds with probability $\Omega(1/m)$, where m is the
number of competing processes. As we shall see, this property can
be expressed in the general form $P_A[W \mid I] \ge l$. In [5],
Sharir et al. gave another analysis of the algorithm, providing a
formal model in terms of Markov chains; however, they did not
make explicit the influence of the adversary on the probability
distribution on executions.

We show that this influence is crucial: the adversary in [6] is
much stronger than previously thought, and in fact, the high
probability correctness result claimed in [6] does not hold.

1.2 Rabin's Algorithm 

The problem of mutual exclusion [2] involves allocating an
indivisible, reusable resource among n competing processes. A
mutual exclusion algorithm is said to guarantee progress¹ if it
continues to allocate the resource as long as at least one
process is requesting it. It guarantees no-lockout if every
process that requests the resource eventually receives it. A
mutual exclusion algorithm satisfies bounded waiting if there is
a fixed upper bound on the number of times any competing process
can be bypassed by any other process. In conjunction with the
progress property, the bounded waiting property implies the
no-lockout property. In 1982, Burns et al. [1] considered the
mutual exclusion algorithm in a distributed setting where
processes communicate through a shared read-modify-write
variable. For this setting, they proved that any deterministic
mutual exclusion algorithm that guarantees progress and bounded
waiting requires that the shared variable take on at least n
distinct values. Shortly thereafter, Rabin published a randomized
mutual exclusion algorithm [6] for the same shared memory
distributed setting. His algorithm guarantees progress using a
shared variable that takes on only $O(\log n)$ values.

¹ We give more formal definitions of these properties in
Section 2.

It is quite easy to verify that Rabin's algorithm guarantees
mutual exclusion and progress; in addition, however, Rabin
claimed that his algorithm satisfies the following
informally-stated strong no-lockout property².

"If process i participates in a trying round
of a run of a computation by the protocol
and compatible with the adversary, together
with < m - 1 < n other processes, then the
probability that i enters the critical region at
the end of that round is at least c/m, c ~
2/3." (*)

This property says that the algorithm guarantees 
an approximately equal chance of success to all pro- 
cesses that compete at the given round. Rabin argued 
in [6] that a good randomized mutual exclusion algo- 
rithm should satisfy this strong no-lockout property, 
and in particular, that the probability of each process 
succeeding should depend inversely on m, the num- 
ber of actual competitors at the given round. This 
dependence on m was claimed to be an important ad- 
vantage of this algorithm over another algorithm de- 
veloped by Ben-Or (also described in [6]); Ben-Or's 
algorithm is claimed to satisfy a weaker no-lockout 
property in which the probability of success is approx- 
imately c/n, where n is the total number of processes, 
i.e., the number of potential competitors. 

Rabin's algorithm uses a randomly-chosen round 
number to conduct a competition for each round. 
Within each round, competing processes choose lot- 
tery numbers randomly, according to a truncated ge- 
ometric distribution. One of the processes drawing 
the largest lottery number for the round wins. Thus, 
randomness is used in two ways in this algorithm: 
for choosing the round numbers and choosing the lot- 
tery numbers. The detailed code for this algorithm 
appears in Figure 1. 

We begin our analysis by presenting three differ- 
ent formal versions of the no-lockout property. These 
three statements are of the form discussed in the in- 
troduction and give lower bounds on the (conditional) 
probability that a participating process wins the cur- 
rent round of competition. They differ by the nature 
of the events involved in the conditioning and by the 
values of the lower bounds. 

Described in this formal style, the strong no-lockout property
claimed by Rabin involves conditioning over m, the number of
participating processes in the round. We show in Theorem 3.1 that
the adversary can use this fact in a simple way to lock out any
process during any round.

² In the statement of this property, a "trying round" refers to
the interval between two successive allocations of the resource,
and the "critical region" refers to the interval during which a
particular process has the resource allocated to it. A "critical
region" is also called a "critical section".

On the other hand, the weak c/n no-lockout property that was
claimed for Ben-Or's algorithm involves only conditioning over
events that describe the knowledge of the adversary at the end of
the previous round. We show in Theorems 3.2 and 3.4 that the
algorithm suffers from a different flaw which bars it from
satisfying even this property.

We discuss here informally the meaning of this re- 
sult. The idea in the design of the algorithm was to 
incorporate a mathematical procedure within a dis- 
tributed context. This procedure allows one to se- 
lect with high probability a unique random element 
from any set of at most n elements. It does so in 
an efficient way using a distribution of small support
("small" means here $O(\log n)$) and is very similar
to the approximate counting procedure of [3]. The
mutual exclusion problem in a distributed system is 
also about selecting a unique element: specifically the 
problem is to select in each trying round a unique 
process among a set of competing processes. In order 
to use the mathematical procedure for this end and 
select a true random participating process at each 
round and for all choices of the adversary, it is neces- 
sary to discard the old values left in the local variables 
by previous calls of the procedure. (If not, the adver- 
sary could take advantage of the existing values.) For 
this, another use of randomness was designed so that, 
with high probability, at each new round, all the par- 
ticipating processes would erase their old values when 
taking a step. 

Our results demonstrate that this use of random- 
ness did not actually fulfill its purpose and that the 
adversary is able in some instances to use old lottery 
values and defeat the algorithm. 

In Theorem 3.5 we show that the two flaws revealed by our
Theorems 3.1 and 3.2 are at the center of the problem: if one
restricts attention to executions where program variables are
reset, and if we disallow the adversary to use the strategy
revealed by Theorem 3.1 then the strong bound does hold. Our
proof highlights the general difficulties encountered in our
methodology when attempting to disentangle the probabilities from
the influence of

The algorithm of Ben-Or which is presented at the end of [6] is a
modification of Rabin's algorithm that uses a shared variable of
constant size. All the methods that we develop in the analysis of
Rabin's algorithm apply to this algorithm and establish that
Ben-Or's algorithm is similarly flawed and does not satisfy the
1/2en no-lockout property claimed for it in [6]. Actually, in
this setting, the shared variables can take only two values,
which allows the adversary to lock out processes with probability
one, as we show in Theorem 3.8.

In a recent paper [7], Kushilevitz and Rabin use our 
results to produce a modification of the algorithm, 
solving randomized mutual exclusion with log2^n val- 
ues. They solve the problem revealed by our Theo- 
rem 3.1 by conducting before round k the competition 
that results in the control of Crit by the end of round 
k. And they solve the problem revealed by our The- 
orem 3.2 by enforcing in the code that the program 
variables are reset to 0. 

The remainder of this paper is organized as follows. Section 2
contains a description of the mutual exclusion problem and formal
definitions of the strong and weak no-lockout properties.
Section 3 contains our results about the no-lockout properties
for Rabin's algorithm. It contains Theorems 3.1 and 3.2 which
disprove in different ways the strong and weak no-lockout
properties and Theorem 3.5 whose proof is a model for our
methodology: a careful analysis of this proof reveals exactly the
origin of the flaws stated in the two previous theorems. One of
the uses of randomness in the algorithm was to disallow the
adversary from knowing the value of the program variables. Our
Theorems 3.2 and 3.7 express that this objective is not reached
and that the adversary is able to infer (partially) the value of
all the fields of the shared variable. Theorem 3.8 deals with the
simpler setting of Ben-Or's algorithm.

Some mathematical properties needed for the con- 
structions of Section 3 are presented in an appendix 
(Section 4). 



2 The Mutual Exclusion Problem

The problem of mutual exclusion is that of continu- 
ally arbitrating the exclusive ownership of a resource 
among a set of competing processes. The set of com- 
peting processes is taken from a universe of size n and 
changes with time. A solution to this problem is a 
distributed algorithm described by a program (code) 
C having the following properties. All involved pro- 
cesses run the same program C. C is partitioned into 
four regions, Try, Crit, Exit, and Rem which are 
run cyclically in this order by all processes executing 
C. A process in Crit is said to hold the resource. The 
indivisible property of the resource means that at any 
point of an execution, at most one process should be 
in Crit. 



2.1 Definition of Runs, Rounds, and 
Adversaries 

In this subsection, we define the notions of run, round, 
adversary, and fair adversary which we will use to 
define the properties of progress and no-lockout. 

A run $\rho$ of a (partial) execution $\mathcal{E}$ is a sequence
of triplets $\{(p_1, old_1, new_1), (p_2, old_2, new_2), \ldots,
(p_t, old_t, new_t), \ldots\}$ indicating that process $p_t$
takes the $t$-th step in $\mathcal{E}$ and undergoes the region
change $old_t \to new_t$ during this step (e.g., $old_t = new_t =$
Try or $old_t =$ Try and $new_t =$ Crit). We say that
$\mathcal{E}$ is compatible with $\rho$.

An admissible adversary for the mutual exclusion problem is a
mapping A from the set of finite runs to the set
$\{1, \ldots, n\}$ that determines which process takes its next
step as a function of the current partial run. That is, the
adversary is only allowed to see the changes of regions. For
every t and for every run $\rho = \{(p_1, old_1, new_1),
(p_2, old_2, new_2), \ldots\}$,
$A[\{(p_1, old_1, new_1), \ldots, (p_t, old_t, new_t)\}] = p_{t+1}$.
We then say that $\rho$ and A are compatible.

An adversary A is fair if for every execution, every process i in
Try, Crit, or Exit is eventually provided by A with a step. This
condition describes "normal" executions of the algorithm and says
that processes can quit the competition only in Rem.

A round of an execution is the part between two successive
entrances to the critical section (or before the first entrance).
Formally, it is a maximal execution fragment of the given
execution, containing one transition Try → Crit at the end of
this fragment and no other transition Try → Crit. The round of a
run is defined similarly.

A process i participates in a round if i takes a step 
while being in its trying section Try. 

2.2 The Progress and No-Lockout 
Properties 

Definition 2.1 An algorithm C that solves mutual exclusion
guarantees progress if, for all fair adversaries, there is no
infinite execution in which, from some point on, at least one
process is in its Try region (respectively its Exit region) and
no transition Try → Crit (respectively Exit → Rem) occurs.

The properties that we considered thus far are non-probabilistic.
The no-lockout property is probabilistic. Its formal definition
requires the following notation:

Let X denote any generic quantity whose value changes as the
execution unfolds (e.g., a program variable). We let X(k) denote
the value of X just prior to the last step (Try → Crit) of the
kth round of the execution. As a special case of this general
notation, we define the following.



$\mathcal{P}(k)$ is the set of participating processes in round
k. (Set $\mathcal{P}(k) = \emptyset$ if $\mathcal{E}$ has fewer
than k rounds.) The notation $\mathcal{P}(k)$ is consistent with
the general notation because the set of processes participating
in round k is updated as round k progresses: in effect the
definition of this set is complete only at the end of round k
(this fact is at the heart of our Theorem 3.1).

t(k) is the total number of steps that are taken by all the
processes up to the end of round k.

$\mathcal{N}(k)$ is the set of executions in which all the
processes j participating in round k reinitialize their program
variables $B_j$ with a new value $\beta_j(k)$ during round k.
($\mathcal{N}$ stands for New-values.) $\beta_j(k)$;
$k = 1, 2, \ldots$, $j = 1, \ldots, n$ is a family of iid³ random
variables whose distribution is geometric truncated at
$\log_2 n + 4$ (see [6]).

For each i and k, we let $W_i(k)$ denote the set of executions in
which process i enters the critical region at the end of round k.

We consistently use the probability theory convention according
to which, for any property S, the set of executions
$\{\mathcal{E} : \mathcal{E} \text{ has property } S\}$ is
denoted as $\{S\}$. Then:

• For each step number t and each execution $\mathcal{E}$ we let
$\pi_t(\mathcal{E})$ denote the run compatible with the first t
steps of $\mathcal{E}$. For any t-steps run $\rho$,
$\{\pi_t = \rho\}$ represents the set of executions compatible
with $\rho$. ($\{\pi_t = \rho\} = \emptyset$ if $\rho$ has fewer
than t steps.) We will use $\pi_k$ in place of $\pi_{t(k)}$ to
simplify notation.

• Similarly, for all $m \le n$, $\{|\mathcal{P}(k)| = m\}$
represents the set of executions having m processes participating
in round k.

The quantities $\mathcal{N}(k)$, $\{\pi_t = \rho\}$, $W_i(k)$,
$\{|\mathcal{P}(k)| = m\}$ are sets of executions: for a given
adversary they are random events in the probability space of
random executions endowed with the measure $dP_A$.

We now present the various no-lockout properties that we want to
study. A first question is to characterize relevant events I over
which conditioning should be done. Note first that restricting
the set of executions to the ones having a certain property
amounts to conditioning on this property. In particular, we will
condition on the fact that process i participates in round k. A
crucial remark is that, in the worst case adversary framework
that we are interested in, the adversary minimizing
$P_A[W_i(k) \mid I]$ will make its choices as if "knowing" I. We
will derive telling consequences from this fact.

³ Recall that iid stands for "independent and identically
distributed".

What we actually have in mind is to compute the probability of
$W_i(k)$ at different points $s_k$ of the execution. One way to
go would be to condition on the past execution. But, by our
previous remark, this is tantamount to allowing the adversary
this knowledge. It is then easy to see that lockout is possible.
Another natural alternative, which we will adopt, is to compute
the probability at point $s_k$ "from the point of view of the
adversary": this translates formally into conditioning over the
value of the run up to point $s_k$. We will say that such a
no-lockout property is run-knowing.

The first two definitions involve evaluating the probabilities
"at the beginning of round k".

Definition 2.2 (Weak, Run-knowing, Probabilistic no-lockout) A
solution to the mutual exclusion problem satisfies weak,
run-knowing probabilistic no-lockout whenever there exists a
constant c such that, for every fair adversary A, every
$k \ge 1$, every (k − 1)-round run $\rho$ compatible with A, and
every process i,

$$P_A[W_i(k) \mid \pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \ge c/n,$$

whenever $P_A[\pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \ne 0$.

The next property formally expresses statement (*) of Rabin. As
we mentioned in our general presentation, considering rounds
having m participating processes corresponds to conditioning on
this fact.

Definition 2.3 (Strong, Run-knowing, Probabilistic no-lockout)
The same as in Definition 2.2 except that:

$$P_A[W_i(k) \mid \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ge c/m,$$

whenever $P_A[\pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ne 0$.

Recalling the two interpretations of conditioning in terms of
time and knowledge held by the adversary, we see that this
property differs fundamentally from the previous one because,
here, the adversary is provided with the number of processes due
to participate in the future round (i.e., after t(k − 1)). By
integration over m, we see that an algorithm satisfying the
strong property also satisfies the weak property.

The next definition is the transcription of the previous one for
the case where the probability is "computed at the beginning of
the execution" (i.e., $s_k = 0$ for all k).

Definition 2.4 (Strong, Without knowledge, Probabilistic
no-lockout) The same as in Definition 2.2 except that:

$$P_A[W_i(k) \mid i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ge c/m,$$

whenever $P_A[i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ne 0$.

By integration over $\rho$ we see that an algorithm having the
property of Definition 2.3 is stronger than one having the
property of Definition 2.4. Equivalently, an adversary able to
falsify Property 2.4 is stronger than one able to falsify
Property 2.3.



Shared variable: V = (S, B, R), where:
    S ∈ {0, 1}, initially
    B ∈ {0, 1, ..., ⌈log n⌉ + 4}, initially
    R ∈ {0, 1, ..., 99}, initially random

Code for i:

Local variables:
    Bi ∈ {0, ..., ⌈log n⌉ + 4}, initially 1
    Ri ∈ {0, 1, ..., 99}, initially ⊥

Code:
    while V ≠ (0, Bi, Ri) do
        if (V.R ≠ Ri) or (V.B < Bi) then
            Bi ← random
            V.B ← max(V.B, Bi)
            Ri ← V.R
        unlock; lock;
    V ← (1, 0, random)
    unlock;
    ** Critical Region **
    lock;
    V.S ← 0
    Ri ← ⊥
    Bi ← 0
    unlock;
    ** Remainder Region **
    lock;

Figure 1: Rabin's Algorithm



3 Our Results

Here, we give a little more detail about the operation of Rabin's
algorithm than we gave earlier in the introduction. At each round
k a new round number R is selected at random (uniformly among 100
values). The algorithm ensures that any process i that has
already participated in the current round has $R_i = R$, and so
passes a test that verifies this. The variable R acts as an
"eraser" of the past: with high probability, a newly
participating process does not pass this test and consequently
chooses a new random number for its lottery value $B_i$. The
distribution used for this purpose is a geometric distribution
that is truncated at $b = \log_2 n + 4$:
$P[\beta_j(k) = l] = 2^{-l}$ for $l < b$. The first process that
checks that its lottery value is the highest obtained so far in
the round, at a point when the critical section is unoccupied,
takes possession of the critical section. At this point the
shared variable is reinitialized and a new round begins.

The algorithm has the following two features. First, any
participating process i reinitializes its variable $B_i$ at most
once per round. Second, the process winning the competition takes
at most two steps (and at least one) after the point $f_k$ of the
round at which the critical section becomes free. Equivalently, a
process i that takes two steps after $f_k$ and does not win the
competition cannot hold the current maximal lottery value. (A
process i having already taken a step in round k holds the
current round number, i.e., $R_i(k) = R(k)$. On the other hand,
the semaphore S is set to 0 after $f_k$. If i held the highest
lottery value it would pass all three tests in the code and enter
the critical section.) We will take advantage of this last
property in our constructions.

We are now ready to state our results. The first result states
that the strong $\Omega(1/m)$ result claimed by Rabin is
incorrect.

Theorem 3.1 The algorithm does not have the strong no-lockout
property of Definition 2.4 (and hence of Definition 2.3). Indeed,
there is an adversary A such that, for all rounds k, for all
$m \le n - 1$,
$P_A[1 \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ne 0$ but

$$P_A[W_1(k) \mid 1 \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] = 0.$$

Proof: As we already remarked, the worst case adversary acts as
if it knows the events on which conditioning is done. Knowing
beforehand that the total number of participating processes in
the round is m allows the adversary to design a schedule where
processes take steps in turn, where process 1 begins and where
process m takes possession of the critical section. Specifically,
the adversary A does not use its knowledge about $\rho$, gives
one step to process 1 while the critical section is occupied,
waits for Exit and then adopts the schedule
2, 2, 3, 3, ..., n, n, 1. This schedule brings round k to its
end, because of the second property mentioned above (i.e., all
processes are scheduled for two steps). For this adversary, for
$2 \le m \le n - 1$, $|\mathcal{P}(k)| = m$ happens exactly when
process m wins so that
$P_A[W_1(k) \cap \{|\mathcal{P}(k)| = m\}] = 0$. On the other
hand, for this adversary, process m wins with non zero
probability, i.e.,
$P_A[\{1 \in \mathcal{P}(k)\} \cap \{|\mathcal{P}(k)| = m\}] \ne 0$.

■ 
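
The schedule in the proof of Theorem 3.1 can be replayed mechanically. The following Python simulation is an added example, not code from the paper: it plays one trying round of Figure 1 with fresh local variables under that schedule and tallies, for each m, how often |P(k)| = m occurs and how often process 1 wins. The helper names (draw_lottery, try_step, run_round, estimate), the placement of the truncated tail mass on l = b, and the choice n = 8 are assumptions made here.

```python
import math
import random
from collections import Counter

BOTTOM = None  # the undefined round number written ⊥ in Figure 1


def draw_lottery(rng, b):
    """Geometric draw truncated at b: P[l] = 2^-l for l < b.
    Assumption of this example: the leftover mass sits on l = b."""
    l = 1
    while l < b and rng.random() < 0.5:
        l += 1
    return l


class Proc:
    """Local variables of one process, fresh for the simulated round."""
    def __init__(self):
        self.B = 0       # never matched against V while R is ⊥
        self.R = BOTTOM


def try_step(p, V, rng, b):
    """One atomic lock..unlock step of the Try loop of Figure 1.
    V is the shared variable, a dict with keys S, B, R.
    Returns True when p enters the critical region."""
    if (V["S"], V["B"], V["R"]) == (0, p.B, p.R):
        # V <- (1, 0, random): take Crit and open the next round
        V["S"], V["B"], V["R"] = 1, 0, rng.randrange(100)
        return True
    if V["R"] != p.R or V["B"] < p.B:
        p.B = draw_lottery(rng, b)
        V["B"] = max(V["B"], p.B)
        p.R = V["R"]
    return False


def run_round(n, rng):
    """Play one round under the schedule of Theorem 3.1.
    Returns (winner, number of participating processes)."""
    b = math.ceil(math.log2(n)) + 4
    procs = {i: Proc() for i in range(1, n + 1)}
    # The round opens with Crit held by the previous winner.
    V = {"S": 1, "B": 0, "R": rng.randrange(100)}
    participants = set()

    def step(i):
        participants.add(i)
        return try_step(procs[i], V, rng, b)

    step(1)        # process 1 takes one step while Crit is occupied
    V["S"] = 0     # the holder runs its Exit code: V.S <- 0
    schedule = [j for j in range(2, n + 1) for _ in (0, 1)] + [1]
    for i in schedule:
        if step(i):
            return i, len(participants)
    raise AssertionError("the schedule always ends the round")


def estimate(n=8, trials=5000, seed=1):
    """Count, per m, the rounds with |P(k)| = m and those of them
    that process 1 won."""
    rng = random.Random(seed)
    rounds, won_by_1 = Counter(), Counter()
    for _ in range(trials):
        winner, m = run_round(n, rng)
        rounds[m] += 1
        if winner == 1:
            won_by_1[m] += 1
    return rounds, won_by_1


if __name__ == "__main__":
    rounds, won_by_1 = estimate()
    for m in sorted(rounds):
        print(f"|P(k)| = {m}: {rounds[m]} rounds, "
              f"process 1 won {won_by_1[m]}")
```

Every round with fewer than n participants is won by the last process scheduled, so the conditional frequency of a win by process 1 given |P(k)| = m is exactly zero for each m below n, while its unconditional frequency is positive.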

The previous result is not too surprising in the light of the
time interpretation given before Definition 2.2. Restricting the
execution to $\{|\mathcal{P}(k)| = m\}$ gives A too much
knowledge about the future. We now give in Theorem 3.2 the more
damaging result, stating (1) that, in spite of the randomization
introduced in the round number variable R, the adversary is able
to infer the values held in the local variables and (2) that it
is able to use this knowledge to lock out a process with
probability exponentially close to 1.

Theorem 3.2 There exists a constant $c < 1$, an adversary A, a
round k and a (k − 1)-round run $\rho$ such that:

PA[Wi{k) I 7r,_i = 1 e r{k)] < + c". 
We need the following definition in the proof. 

Definition 3.1 Let $l$ be a round. Assume that, during round $l$,
the adversary adopts the following strategy. It first waits for
the critical section to become free, then gives one step to
process j and then two steps (in any order) to s other processes.
(We will call these test-processes.) Assume that at this point
the critical section is still available (so that round $l$ is not
over). We then say that process j is an s-survivor (at round
$l$).

The idea behind this notion is that, by manufactur- 
ing survivors, the adversary is able to select processes 
having high lottery values. We now describe in more 
detail the selection of survivors and formalize this last 
fact. 

In the following we will consider an adversary constructing
sequentially a family of s-survivors for the four values
$s = 2^{\log_2 n + t}$; $t = -1, \ldots, -5$. Whenever the
adversary manages to select a new survivor it stores it, i.e.,
does not allocate it any further step until the selection of
survivors is completed. (A actually allocates steps to selected
survivors, but only very rarely, to comply with fairness. Rarely
means for instance once every nT^ steps, where T is the expected
time to select an n/2-survivor.) By doing so, A reduces the pool
of test-processes still available. We assume that, at any point
in the selection process, the adversary selects the
test-processes at random among the set of processes still
available. (The adversary could be more sophisticated than
random, but this is not needed.) Note that a new s-survivor can
be constructed with probability one whenever the available pool
has size at least $s + 1$: it suffices to reiterate the selection
process until the selection completes successfully.

Lemma 3.3 There is a constant d such that for any
$t = -5, \ldots, -1$, for any $2^{\log_2 n + t}$-survivor j, for
any $a = 0, \ldots, 5$

$$P_A[B_j(l) = \log n + t + a] \ge d.$$

Proof: Let s denote $\log n + t$. Let j be an s-survivor and
$i_1, i_2, \ldots, i_s$ be the test-processes used in its
selection. Assume also that j drew a new value
$B_j(l) = \beta_j(l)$ (this happens with probability
$q_1 = .99$.) Remark that
$B_j(l) = \max\{B_{i_1}(l), \ldots, B_{i_s}(l), B_j(l)\}$: if
this were not the case, one of the test-processes would have
entered Crit. As the test processes are selected at random, each
of them has with probability .99 a round number different from
$R(l)$ and hence draws a new lottery number $\beta_j(l)$. Hence,
with high probability $q_2 > 0$, 90% of them do so. The other of
them keep their old lottery value $B_j(l - 1)$: this value, being
old, has lost in previous rounds and is therefore stochastically
smaller⁴ than a new value $\beta_j(l)$. (An application of
Lemma 4.5 formalizes this.) Hence, with probability at least
$q_1 q_2$ we have the following stochastic inequality:

$$\max\{\beta_1(l), \ldots, \beta_{90s/100}(l)\} \prec B_j(l) \prec \max\{\beta_1(l), \ldots, \beta_{s+1}(l)\}.$$

Corollary 4.4 then shows that, for $a = 0, \ldots, 5$, with
probability at least $q_1 q_2$,
$P_A[B_j(l) = \log_2 s] \ge q_3$ for some constant $q_3$ ($q_3$
is close to 0.01). Hence, with probability at least
$d = q_1 q_2 q_3$, $B_j(l)$ is equal to $\log_2 s + a$. ■

Proof of Theorem 3.2: The adversary uses a prepa- 
ration phase to select and store some processes hav- 
ing high lottery values. We will, by abuse of lan- 
guage, identify this phase with the round p which 
corresponds to it. When this preparation phase is 
over, round k begins. 

Preparation phase p: For each of the five values
$\log_2 n + t$, $t = -5, \ldots, -1$, A selects in the preparation
phase many ("many" means n/20 for $t = -5, \ldots, -2$
and 6n/20 for $t = -1$) $2^{\log_2 n + t}$-survivors. Let $S_1$
denote the set of all the survivors thus selected. (Note
that $|S_1| = n/2$ so that we have enough processes
to conduct this selection.) By partitioning the set
of $2^{\log_2 n - 1}$-survivors into six sets of equal size, for
each of the ten values $t = -5, \ldots, 4$, A has then
secured the existence of n/20 processes whose lottery
value is $\log_2 n + t$ with probability bigger than d. (By
Lemma 3.3.)

Round k: While the critical section is busy, A gives
a step to each of the n/2 processes from the set $S_2$
that it did not select in phase p. When this is done,
with probability at least $1 - 2^{-32}$ (see Corollary 4.2)
the program variable B holds a value greater than or
equal to $\log_2 n - 5$. The adversary then waits for the
critical section to become free and gives steps to the
processes of $S_1$ it selected in phase p. A process in
$S_2$ can win access to the critical section only if the
maximum lottery value $B_{S_2} = \mathrm{Max}_{j \in S_2} B_j$ of all
the processes in $S_2$ is strictly less than $\log_2 n - 5$ or if
no process of $S_1$ holds both the correct round number
R(k) and the lottery number $B_{S_2}$. This consideration
gives the bound predicted in Theorem 3.2 with
$c = (1 - d/100)^{1/20}$. ■

Our proof actually demonstrates that there is an 
adversary that can lock out, with probability expo- 
nentially close to 1, an arbitrary set of n/2 processes 

^4 A real random variable X is stochastically smaller than
another one Y (we write that: $X \le_{\mathcal{L}} Y$) exactly when, for all
$x \in \mathbb{R}$, $P[X > x] \le P[Y > x]$. Hence, if $X \le Y$ in the usual
sense, it is also stochastically smaller.



during some round. With a slight improvement we
can derive an adversary that will succeed in locking
out (with probability exponentially close to 1)
a given set $S_3$ of, for example, n/100 processes at all
rounds: we just need to remark that the adversary can
do without this set $S_3$ during the preparation phase
p. The adversary would then alternate preparation
phases $p_1, p_2, \ldots$ with rounds $k_1, k_2, \ldots$ The set $S_3$
of processes would be given steps only during rounds
$k_1, k_2, \ldots$ and would be locked out at each time with
probability exponentially close to 1.

In view of our counterexample we might think that 
increasing the size of the shared variable might yield 
a solution. For instance, if the geometric distribu- 
tion used by the algorithm is truncated at the value 
$h = 2 \log_2 n$ instead of $\log_2 n + 4$, then the adversary
is not able as before to ensure a lower bound on the 
probability that an n/2-survivor holds h as its lot- 
tery value. (The probability is given by Theorem 4.1 
with $x = \log n$.) Then the argument of the previous
proof does not hold anymore. Nevertheless, the
next theorem establishes that raising the size of the 
shared variable does not help as long as the size stays 
sub-linear. But this is exactly the theoretical result 
the algorithm was supposed to achieve. (Recall the 
n-lower bound of [1] in the deterministic case.) Fur- 
thermore, the remark made above applies here also: 
a set of processes of linear size can be locked out at 
each time with probability arbitrarily close to 1. 

Theorem 3.4 Suppose that we modify the algorithm
so that the set of possible round numbers used has size
r and that the set of possible lottery numbers has size
h ($\log_2 n + 4 \le h \le n$). Then there exist positive
constants $c_1$ and $c_2$, an adversary A, and a run $\rho$ such
that

$P_A[W_i(k) \mid \pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \le e^{-32} + e^{-c_1 n/r} +$



'^2 — 



Proof: We consider the adversary A described in
the proof of Theorem 3.2: for $t = -5, \ldots, -2$, A prepares
a set $T_t$ of $2^{\log_2 n + t}$-survivors, each of size n/20,
and a set $T_{-1}$ of $2^{\log_2 n - 1}$-survivors; the size of $T_{-1}$ is
6/20 n. (We can as before think of this set as being
partitioned into six different sets.) We let $\eta$ stand for
6/20 in the sequel.

Let $p_l$ denote the probability that process i holds l
as its lottery value after having taken a step in round
k. For any process j in $T_{-1}$ let also $q_l$ denote the
probability that process j holds l as its lottery value
at the end of the preparation phase p.

The same reasoning as in Theorem 3.2 then leads 
to the inequality: 

$P_A[W_i(k) \mid \pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \le$



e-3^ + (l-e-^^)(l-d/rr/^° 
r 

;>log2n+5 



Write $l = \log_2 n + x - 1 = \log_2(n/2) + x$. Then, as
is seen in the proof of Corollary 4.4, qi = ''2"'^"'' 
for some ( G (x, x + 1). For / > log2n -|- 5, x is at least 
6 and e''-^'"^ ~ 1 so that qi ~ 2'^''^ > 21"^. On the 
other hand $p_l = 2^{-l} = 2^{-x+1}/n$.

Define xP{x) = g-^'""')"/'- so that xP'{x) = 
e-2'""')"/'-2i-^ryn/r. Then: 

J2 Pm(l-^r < 2/nE 2-^(1-^)"" 

/>log2+5 x>6 



< 2/n^2-^e- 

x>6 

= l/n^2i-^£ 



x>6 



„„2 /l^ V / 



< 



il>'(x)dx 



< 



rjn^ Js 
r 

— M~ 
rjn^ 

rjn^ 



rjn^ 



To simplify the notations in the sequel, we will let
$i_1, \ldots, i_{|\mathcal{P}(k)|}$ denote the elements of $\mathcal{P}(k)$. And we
will let $p_1, p_2, \ldots$ denote the sequence of processes
taking steps in turn during round k: recall that a
process i can take several steps during the round.

The flaw of the protocol revealed in Theorem 3.2 is
based on the fact that the variable R does not act as
an eraser of the past and that the adversary can use
old values to defeat the algorithm. The flaw exhibited
in Theorem 3.1 is based on the fact that, even when
the old values are erased, the algorithm is sensitive to
the order $p_1, p_2, \ldots$ in which participating processes
are scheduled. The adversary can play on this order
in two different ways. It can act on the fact that
different scheduling strategies influence in different ways
the size m of the set $\mathcal{P}(k)$ (Strategy 1). And it can
use the fact that, for a given number m of participating
processes, the mathematical distribution of the
sequence $(\beta_i(k);\ i \in \mathcal{P}(k))$ is (a priori) sensitive to
the ordering $p_1, p_2, \ldots$ (Strategy 2). The adversary of
Theorem 3.1 specifically used strategy 1.

The next result shows that the two flaws exhibited
in Theorems 3.1 and 3.2 are at the core of the problem:
the algorithm does have the strong no-lockout
property when we precondition on the fact that the
internal variables of the participating processes are
reset to new values and when we bar the adversary
from using strategy 1. We will actually prove this
result for a slightly modified version of the algorithm.
Recall in effect that the code given in Page 6 is
optimized by making a participating process i draw a new
lottery number when it is detected that $V.B < B_i$.
We will consider the "de-optimized" version of the
code in which only the test $V.R \ne R_i$ ? causes a
new drawing to occur.

The next definition formalizes the restriction that
we impose on the adversary. It says that the adversary
commits itself to the value of $\mathcal{P}(k)$ at the beginning
of round k.

Definition 3.2 We say that an adversary is restricted 
when, for each round, it allocates a step to all participat- 
ing processes (of this round) before the critical section 
becomes free. We will let A' (as opposed to A) denote 
any such adversary. 

We will make constant use of the notation
$[n] \stackrel{\mathrm{def}}{=} \{1, 2, \ldots, n\}$. Also, for any sequence $(a_j)_{j \in \mathbb{N}}$ we will
write $a_i = \mathrm{Umax}_{j \in J}\, a_j$ to mean that i is the only index
in J for which $a_i = \mathrm{Max}_{j \in J}\, a_j$.

Theorem 3.5 For every process $i = 1, \ldots, n$, for every
round $k \ge 1$, for every restricted adversary A' and
for every (k - 1)-round run $\rho$ compatible with A',

$P_{A'}[W_i(k) \mid \mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ge \frac{2}{3m}$, whenever
$P_{A'}[\mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] \ne 0$.

Proof: 

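We first define the events $\mathcal{U}(k)$ and $\mathcal{U}'_J(k)$, where J
is any subset of $\{1, \ldots, n\}$:

$\mathcal{U}(k) = \{\exists!\, i \in \mathcal{P}(k) \text{ s.t. } B_i(k) = \mathrm{Max}_{j \in \mathcal{P}(k)} B_j(k)\}$,
$\mathcal{U}'_J(k) = \{\exists!\, i \in J \text{ s.t. } \beta_i(k) = \mathrm{Max}_{j \in J} \beta_j(k)\}$.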

The main result established in [6] can formally be
restated as:

$\forall m \le n,\ P[\,\mathcal{U}'_{[m]}(k)] \ge 2/3.$    (1)



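Following the general proof technique described in the
introduction we will prove that:

$P_{A'}[\,\mathcal{U}(k) \mid \mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m] = P[\,\mathcal{U}'_{[m]}(k)]$, and that:

$P_{A'}[W_i(k) \mid \mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m,\ \mathcal{U}(k)] = P[\beta_i(k) = \mathrm{Max}_{j \in [m]} \beta_j(k) \mid \mathcal{U}'_{[m]}(k)]$.

The events involved in the LHS of the two inequalities
(e.g., $W_i(k)$, $\mathcal{U}(k)$, $\{|\mathcal{P}(k)| = m\}$, $\{\pi_{k-1} = \rho\}$,
$\{i \in \mathcal{P}(k)\}$) depend on A' whereas the events involved
in the RHS are pure mathematical events over which
A' has no control.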

We begin with some important remarks. 

(1) By definition, the set $\mathcal{P}(k) = \{i_1, i_2, \ldots\}$ is
decided by the restricted adversary A' at the beginning
of round k: for a given A' and conditioned on
$\{\pi_{k-1} = \rho\}$, the set $\mathcal{P}(k)$ is defined deterministically.
In particular, for any i, $P_{A'}[i \in \mathcal{P}(k) \mid \pi_{k-1} = \rho]$
has value 0 or 1. Similarly, there is one value
m for which $P_{A'}[|\mathcal{P}(k)| = m \mid \pi_{k-1} = \rho] = 1$.
Hence, for a given adversary A', if the random event
$\{\mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k),\ |\mathcal{P}(k)| = m\}$ has
non zero probability, it is equal to the random event
$\{\mathcal{N}(k),\ \pi_{k-1} =$

(2) Recall that, in the modified version of the
algorithm that we consider here, a process i draws a
new lottery value in round k exactly when $R_i(k-1) \ne R(k)$.
Hence, within $\mathcal{I}$, the event $\mathcal{N}(k)$ is equal to
$\{R_{i_1}(k-1) \ne R(k), \ldots, R_{i_m}(k-1) \ne R(k)\}$. On the
other hand, by definition, the random variables (in
short r.v.s) $\beta_{i_j}$; $i_j \in \mathcal{P}(k)$ are iid and independent
from the r.v. R(k). This proves that, (for a given
A'), conditioned on $\{\pi_{k-1} = \rho\}$, the r.v. $\mathcal{N}(k)$ is
independent from all the r.v.s $\beta_{i_j}$. Note that $\mathcal{U}'_{\mathcal{P}(k)}(k)$
is defined in terms of (i.e. measurable with respect
to) the $(\beta_{i_j};\ i_j \in \mathcal{P}(k))$, so that $\mathcal{U}'_{\mathcal{P}(k)}(k)$ and $\mathcal{N}(k)$
are also independent.

(3) More generally, consider any r.v. X defined
in terms of the $(\beta_{i_j};\ i_j \in \mathcal{P}(k))$: $X = f(\beta_{i_1}, \ldots, \beta_{i_m})$
for some measurable function f. Recall once more
that the number m and the indices $i_1, \ldots, i_m$ are
determined by $\{\pi_{k-1} = \rho\}$ and A'. The r.v.s $\beta_{i_j}$ being
iid, for a fixed A', X then depends on $\{\pi_{k-1} = \rho\}$
only through the value m of $|\mathcal{P}(k)|$. Formally, this
means that, conditioned on $|\mathcal{P}(k)|$, the r.v.s X and
$\{\pi_{k-1} = \rho\}$ are independent: $E_{A'}[X \mid \pi_{k-1} = \rho] =
E_{A'}[X \mid |\mathcal{P}(k)| = m] = E[f(\beta_1, \ldots, \beta_m)]$. (More
precisely, this equality is valid for the value m for which
$P_{A'}[\pi_{k-1} = \rho,\ |\mathcal{P}(k)| = m] \ne 0$.) A special
consequence of this fact is that $P_{A'}[\,\mathcal{U}'_{\mathcal{P}(k)}(k) \mid \pi_{k-1} =$

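Remark that, in $\mathcal{U}(k)$, the event $W_i(k)$ is the same
as the event $\{B_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} B_j(k)\}$. This justifies
the first following equality. The subsequent ones are
commented afterwards. Also, the set $\mathcal{I}$ that we consider
here is the one having a non zero probability
described in Remark (1) above.

$P_{A'}[W_i(k) \mid \mathcal{U}(k), \mathcal{I}]$
$= P_{A'}[B_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} B_j(k) \mid \mathcal{U}(k), \mathcal{I}]$
$= P_{A'}[\beta_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} \beta_j(k) \mid \mathcal{U}'_{\mathcal{P}(k)}(k), \mathcal{I}]$    (2)
$= P_{A'}[\beta_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} \beta_j(k) \mid \mathcal{U}'_{\mathcal{P}(k)}(k),\ \pi_{k-1} = \rho]$    (3)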



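Equation 2 is true because we condition on $\mathcal{N}(k)$
and because $\mathcal{U}(k) \cap \mathcal{N}(k) = \mathcal{U}'_{\mathcal{P}(k)}(k)$. Equation 3 is
true because $\mathcal{N}(k)$ is independent from the r.v.s $\beta_{i_j}$
as is shown in Remark (2) above.

We then notice that the events
$\{\beta_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} \beta_j(k)\}$ and $\mathcal{U}'_{\mathcal{P}(k)}(k)$ (and hence their
intersection) are defined in terms of the r.v.s $\beta_{i_j}$. From
Remark (3) above, the value of Eq. 3 depends only on
m and is therefore independent of i. Hence, for all i
and i' in $\mathcal{P}(k)$, $P_{A'}[W_i(k) \mid \mathcal{U}(k), \mathcal{I}] = P_{A'}[W_{i'}(k) \mid \mathcal{U}(k), \mathcal{I}]$.

On the other hand,
$\sum_{i \in \mathcal{P}(k)} P_{A'}[\beta_i(k) = \mathrm{Umax}_{j \in \mathcal{P}(k)} \beta_j(k) \mid \mathcal{U}'_{\mathcal{P}(k)}(k),\ \pi_{k-1} = \rho] = 1$: indeed,
one of the $\beta_{i_j}$ has to attain the maximum.

These last two facts imply that, $\forall i \in \mathcal{P}(k)$,

$P_{A'}[W_i(k) \mid \mathcal{U}(k), \mathcal{I}] = 1/m.$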

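We now turn to the evaluation of $P_{A'}[\,\mathcal{U}(k) \mid \mathcal{I}]$.

$P_{A'}[\,\mathcal{U}(k) \mid \mathcal{I}] = P_{A'}[\,\mathcal{U}'_{\mathcal{P}(k)}(k) \mid \mathcal{I}]$    (4)
$= P_{A'}[\,\mathcal{U}'_{\mathcal{P}(k)}(k) \mid \pi_{k-1} = \rho]$    (5)
$= P[\,\mathcal{U}'_{[m]}(k)] \ge 2/3.$    (6)

Equation 4 is true because we condition on $\mathcal{N}(k)$.
Eq. 5 is true because $\mathcal{U}'_{\mathcal{P}(k)}(k)$ and $\mathcal{N}(k)$ are independent
(see Remark (2) above). The equality of Eq. 6
stems from Remark (3) above and the inequality from
Eq. 1.

We can now finish the proof of Theorem 3.5.

$P_{A'}[W_i(k) \mid \mathcal{I}]$
$\ge P_{A'}[W_i(k),\ \mathcal{U}(k) \mid \mathcal{I}]$
$= P_{A'}[W_i(k) \mid \mathcal{U}(k), \mathcal{I}]\ P_{A'}[\,\mathcal{U}(k) \mid \mathcal{I}] \ge \frac{2}{3m}.$

■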

We discuss here the lessons brought by our results.
(1) Conditioning on $\mathcal{N}(k)$ is equivalent to forcing the
algorithm to refresh all the variables at each round.
By doing this, we took care of the undesirable lingering
effects of the past, exemplified in Theorems 3.2
and 3.4. (2) It is not true that:

$P_A[\beta_i(k) = \mathrm{Max}_{j \in \mathcal{P}(k)} \beta_j(k) \mid \mathcal{U}'_{\mathcal{P}(k)}(k),\ |\mathcal{P}(k)| = m] =
P[\beta_i(k) = \mathrm{Max}_{j \in [m]} \beta_j(k) \mid \mathcal{U}'_{[m]}(k)]$,

i.e., that the adversary has no control over the event
$\{\beta_i(k) = \mathrm{Max}_{j \in \mathcal{P}(k)} \beta_j(k)\}$. (This was Rabin's statement
in [6].)

Indeed, the latter probability is equal to 1/m
whereas we proved in Theorem 3.1 that there is an
adversary for which the former is 0 when m < n - 1.



The crucial remark explaining this apparent paradox
is that, implicit in the expression
$P_A[\beta_i(k) = \mathrm{Max}_{j \in \mathcal{P}(k)} \beta_j(k) \ldots]$, is the fact that the random
variables $\beta_j(k)$ (for $j \in \mathcal{P}(k)$) are compared to each other
in a specific way decided by A, before one of them
reveals itself to be the maximum. For instance, in
the example constructed in the proof of Theorem 3.1,
when j takes a step, $\beta_j(k)$ is compared only to the
$\beta_l(k)$; l < j, and the situation is not symmetric
among the processes in $\mathcal{P}(k)$.

But, if the adversary is restricted as in our Defi- 
nition 3.2, the symmetry is restored and the strong 
no-lockout property holds. 
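
A simplified model of this asymmetry, given as an added example (it is not code from the paper and does not reproduce the adversary of Theorem 3.1). It assumes fresh truncated-geometric lottery draws with cap log2 n + 4, and compares a scheduler that commits to the participant set up front with a hypothetical adaptive one that stops admitting processes as soon as a newcomer beats every earlier participant.

```python
import random

def draw_lottery(rng, cap):
    """One lottery draw: P[beta = l] = 2**-l, truncated at cap."""
    value = 1
    while value < cap and rng.random() < 0.5:
        value += 1
    return value

def unique_max_index(betas):
    """Index of the unique maximum, or None when the maximum is tied."""
    top = max(betas)
    holders = [j for j, b in enumerate(betas) if b == top]
    return holders[0] if len(holders) == 1 else None

def committed_round(rng, m, cap):
    """Restricted scheduler (Definition 3.2): the m participants are
    fixed before any lottery value is drawn."""
    betas = [draw_lottery(rng, cap) for _ in range(m)]
    return m, unique_max_index(betas)

def adaptive_round(rng, n, cap):
    """Adaptive scheduler (assumed, simplified Strategy 1): admit processes
    one by one; stop once the newcomer beats every earlier participant."""
    betas = [draw_lottery(rng, cap)]
    while len(betas) < n:
        betas.append(draw_lottery(rng, cap))
        if betas[-1] > max(betas[:-1]):
            break
    return len(betas), unique_max_index(betas)

def first_process_win_rate(rounds):
    """Per set size m: P[process 0 holds the unique max | a unique max exists]."""
    tally = {}
    for m, winner in rounds:
        if winner is None:
            continue
        wins, total = tally.get(m, (0, 0))
        tally[m] = (wins + (winner == 0), total + 1)
    return {m: wins / total for m, (wins, total) in tally.items()}

def experiment(n=8, trials=20000, seed=1):
    cap = n.bit_length() - 1 + 4      # log2(n) + 4, n assumed a power of two
    rng = random.Random(seed)         # fixed seed: constructed, repeatable run
    adaptive = first_process_win_rate(
        adaptive_round(rng, n, cap) for _ in range(trials))
    committed = {
        m: first_process_win_rate(
            committed_round(rng, m, cap) for _ in range(trials))[m]
        for m in range(2, n)}
    return adaptive, committed

if __name__ == "__main__":
    adaptive, committed = experiment()
    print("m  adaptive  committed  1/m")
    for m in sorted(committed):
        print(m, round(adaptive.get(m, 0.0), 3),
              round(committed[m], 3), round(1 / m, 3))
```

With the committed scheduler the first process wins about 1/m of the rounds that have a unique maximum; with the adaptive one, conditioning on a set size m smaller than n leaves it no chance at all, because the stopping rule itself selects who holds the maximum.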

Rabin and Kushilevitz used these ideas from our 
analysis to produce their algorithm [7]. 

In our last Theorem 3.5 we used the restriction on 
the adversary A' mostly to derive a 1/m bound. If we 
consider a general adversary A it is interesting to note 
that we can still ensure the weak lockout-property: 

Theorem 3.6 For every process $i = 1, \ldots, n$, for every
round $k \ge 1$, for every adversary A and for every
(k - 1)-round run $\rho$ compatible with A,

$P_A[W_i(k) \mid \mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \ge .1/n$,

whenever $P_A[\mathcal{N}(k),\ \pi_{k-1} = \rho,\ i \in \mathcal{P}(k)] \ne 0$.

Proof: Omitted. ■ 
This theorem holds also if, as in the context of
Theorem 3.4, the algorithm uses h lottery numbers. This
shows that the result of Theorem 3.6 is not trivial:
indeed, when $h = 2 \log_2 n$, the probability $P[\beta_i(k) = h]$ of
drawing the highest possible number is o(1/n). One
of the difficulties of the proof is that the apparently
innocuous event $\{i \in \mathcal{P}(k)\}$ is in the future of the
point t(k - 1) at which the probability is estimated:
the adversary could conceivably also use this fact to
ensure some specific values of the variables when i
participates.

Our Theorems 3.1, 3.2 and 3.4 explored how the 
adversary can gain and use knowledge of the lottery 
values held by the processes. The next theorem states 
that the adversary is similarly able to derive some 
knowledge about the round numbers, contradicting 
the claim in [6] that "because the variable R is
randomized just before the start of the round, we have
with probability 0.99 that $R_i \ne R$." Note that,
expressed in our terms, the previous claim translates
into $R(k) \ne R_i(k - 1)$.

Theorem 3.7 There exists an adversary A, a round k,
a step number t, a run $\rho_t$, compatible with A, having t
steps and in which round k is under way such that

$P_A[R(k) \ne R_1(k-1) \mid \pi_t = \rho_t] < .99 .$

Proof: 



We will write $\rho_t = \rho'\rho$ where $\rho'$ is a (k - 1)-round run
and $\rho$ is the run fragment corresponding to the kth
round under way. Assume that $\rho'$ indicates that,
before round k, processes 1, 2, 3, 4 participated only in
round k - 1, and that process 5 never participated
before round k. Furthermore, assume that during round
k - 1 the following pattern happened: A waited for
the critical region to become free, then allocated one
step in turn to processes 2, 1, 1, 3, 3, 4, 4; at this point
4 entered the critical region. (All this is indicated in
$\rho'$.) Assume also that the partial run $\rho$ into round k
indicates that the critical region became free before
any competing process was given a step, and that the
adversary then allocated one step in turn to processes
5, 3, 3, and that, after 3 took its last step, the critical
section was still free. We will establish that, at this
point,

$P_A[R(k) \ne R_1(k - 1) \mid \pi_t = \rho'\rho] < .99 .$

By assumption k - 1 is the last (and only) round
before round k where processes 1, 2, 3 and 4
participated. Hence $R_1(k-1) = R_2(k-1) = R_3(k-1) = R(k-1)$.
To simplify the notations we will
let R' denote this common value. Similarly we will
write $\beta'_1, \beta'_2, \ldots$ in place of $\beta_1(k-1), \beta_2(k-1), \ldots$
We will furthermore write $\beta_1, \beta_2, \ldots$ in place of
$\beta_1(k), \beta_2(k), \ldots$ and B, R in place of B(k), R(k).

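Using Bayes' rule gives us:

$P_A[R \ne R' \mid \rho', \rho] = \dfrac{P_A[R \ne R' \mid \rho']\ P_A[\rho \mid \rho', R \ne R']}{P_A[\rho \mid \rho']}$    (7)

In the numerator, the first term $P_A[R \ne R' \mid \rho']$ is
equal to 0.99 because R is uniformly distributed and
independent from R' and $\rho'$. We will use this fact
another time while expressing the value of $P_A[\rho \mid \rho']$:

$P_A[\rho \mid \rho']$
$= P_A[\rho \mid \rho', R \ne R']\ P_A[R \ne R' \mid \rho'] + P_A[\rho \mid \rho', R = R']\ P_A[R = R' \mid \rho']$
$= 0.99\, P_A[\rho \mid \rho', R \ne R'] + 0.01\, P_A[\rho \mid \rho', R = R'].$    (8)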

• Consider first the case where $R \ne R'$. Then process 3
gets a YES answer when going through the
test "($V.R \ne R_3$) or ($V.B < B_3$)", and consequently
chooses a new value $B_3(k) = \beta_3$. Hence

$P_A[\rho \mid \rho', R \ne R'] = P[\beta_3 < \beta_5].$    (9)

• Consider now the case R = R'. By hypothesis,
process 5 never participated in the computation
before round k and hence draws a new number
$B_5(k) = \beta_5$. Hence:

$P_A[\rho \mid \rho', R = R'] = P_A[B_3(k) < \beta_5 \mid \rho', R = R'].$    (10)

As processes 1, ..., 4 participated only in round
k - 1 up to round k, the knowledge provided by $\rho'$
about process 3 is exactly that, in round k - 1,
process 3 lost to process 2 along with process 1, and
that process 2 lost in turn to process 4, i.e., that
$\beta'_3 < \beta'_2$, $\beta'_1 < \beta'_2$ and $\beta'_2 < \beta'_4$. For the sake of
notational simplicity, for the rest of this paragraph we
let X denote a random variable whose law is the law
of $\beta'_2$ conditioned on $\{\beta'_2 > \mathrm{Max}\{\beta'_1, \beta'_3\},\ \beta'_2 < \beta'_4\}$.
This means for instance that, $\forall x \in \mathbb{R}$,

$P[X \ge x] = P[\beta'_2 \ge x \mid \beta'_2 > \mathrm{Max}\{\beta'_1, \beta'_3\},\ \beta'_2 < \beta'_4].$

When 3 takes its first step within round k, the
program variable V.B holds the value $\beta_5$. As a
consequence, 3 chooses a new value when and exactly when
$B_3(k-1)$ ($= \beta'_3$) is strictly bigger than $\beta_5$. (The case
$\beta'_3 = \beta_5$ would lead 3 to take possession of the critical
section at its first step in round k, in contradiction
with the definition of $\rho$; and the case $\beta'_3 < \beta_5$ leads 3
to keep its "old" lottery value $B_3(k-1)$.) From this
we deduce that:

$P_A[B_3(k) < \beta_5 \mid \rho', R = R'] = P[\beta'_3 < \beta_5 \mid \beta'_3 < X] + P[\beta'_3 > \beta_5,\ \beta_3 < \beta_5 \mid \beta'_3 < X].$    (11)

Using Lemma 4.5 we derive that:

$P[\beta'_3 < \beta_5 \mid \beta'_3 < X] \ge P[\beta'_3 < \beta_5].$

On the other hand $P[\beta'_3 < \beta_5] = P[\beta_3 < \beta_5]$ because
all the random variables $\beta_i(j)$, $i = 1, \ldots, n$, $j \ge 1$ are
iid. Taking into account the fact that the last term
of equation 11 is non zero, we have then established
that:

$P_A[B_3(k) < \beta_5 \mid \rho', R = R'] > P[\beta_3 < \beta_5].$    (12)

Combining Equations 9, 10 and 12 yields:

$P_A[\rho \mid \rho', R = R'] > P_A[\rho \mid \rho', R \ne R'].$

Equation 8 then shows that $P_A[\rho \mid \rho'] > P_A[\rho \mid \rho', R \ne R']$.
Plugging this result into Equation 7
finishes the proof. ■

We finish with a result showing that all the prob- 
lems that we encountered in Rabin's algorithm carry 
over for Ben-Or's algorithm. Ben-Or's algorithm is 
cited at the end of [6]. The code of this algorithm is 
the same as the one of Rabin with the following
modifications. All variables B, R, $B_i$, $R_i$; $1 \le i \le n$ are



boolean variables, initially 0. The distribution of the 
lottery numbers is also different but this is irrelevant 
for our discussion. 

We show that Ben-Or's algorithm does not satisfy 
the weak no-lockout property of Definition 2.2. The 
situation is much simpler than in the case of Rabin's
algorithm: here all the variables are boolean so that 
a simple reasoning can be worked out. 

Theorem 3.8 (Ben Or's Alg.) There is an adversary A,
a step number t and a run $\rho_t$ compatible with
A such that

$P_A[W_2(k) \mid \pi_t = \rho_t,\ 2 \in \mathcal{P}(k)] = 0 .$

Proof: Assume that we are in the middle of round
3, and that the run $\rho_t$ indicates that (at time 0 the
critical section was free and then that) the schedule
1 2 2 3 3 was followed, that at this point 3 entered in
Crit, that it left Crit, that at this point the schedule
4 1 1 5 5 was followed, that 5 entered and then left
Crit, that 6 4 4 then took a step and that at this
point Crit is still free.

Without loss of generality assume that the round
number R(1) is 0. Then $R_1(1) = 0$, $B_1(1) = 1$ and
$B_2(1) = 0$: if not 2 would have entered in Crit. In
round 2 it then must be the case that R(2) = 1.
Indeed if this was not the case then 1 would have
entered the critical section. It must then be the case
that $B_1(2) = 0$ and $B_4(2) = 1$. And then that
$B_6(3) = 1$ and R(3) = 0: if this was not the case
then 4 would have entered in Crit in the 3rd round.

But at this point, 2 has no chance to win if sched- 
uled to take a step! ■ 
4 Appendix

Theorem 4.1 and its corollaries are used in the con- 
struction of the adversary in Theorem 3.2 and The- 
orem 3.4. Lemma 4.5 is used mostly in the proof of 
Theorem 3.7. The proofs can be found in [8]. 

Definition 4.1 For any sequence $(a_j)_{j \in \mathbb{N}}$ we denote
$\mathrm{Max}_s\, a_i = \mathrm{Max}\{a_1, a_2, \ldots, a_s\}$.

In this section the sequence $(\beta_i)$ is a sequence of iid
geometric random variables:

$P[\beta_i = l] = 2^{-l}, \quad l = 1, 2, \ldots$

The following results are about the distribution of the
extremal function $\mathrm{Max}_s\, \beta_i$. The same probabilistic
results hold for iid random variables $(\beta'_i)$, having the
truncated distribution used by Rabin: we just need to
truncate at $\log_2 n + 4$ the random variables $\beta_i$ and the
values that they take. This does not affect the probabilities
because, by definition,
$P[\beta'_i(k) = \log_2 n + 4] = \sum_{l \ge \log_2 n + 4} P[\beta_i = l]$.

Theorem 4.1 For f < 1/2 we have the following
approximation:

$A = P[\mathrm{Max}_s\, \beta_i \ge \log_2 s + x] \approx 1 - e^{-2^{1-x}} .$



s 

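Corollary 4.2 $P[\mathrm{Max}_s\, \beta_i \ge \log_2 s - 4] \ge 1 - e^{-32}$.

Corollary 4.3 $P[\mathrm{Max}_s\, \beta_i \ge \log_2 s + 8] \le 0.01$.

Corollary 4.4 $P[\mathrm{Max}_s\, \beta_i = \log_2 s] \ge 0.17$,

$P[\mathrm{Max}_s\, \beta_i = \log_2 s + l] \ge 0.01$, $\forall l = 1, \ldots, 5$.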

Lemma 4.5 Let B and A be any real-valued random
variables. Then

$\forall x \in \mathbb{R},\ P[B > x \mid B < A] \le P[B > x].$^5

^5 We use the convention that 0/0 = 0 whenever this quantity
arises in the computation of conditional probabilities.
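
A numerical check of the appendix statements, given as an added example rather than material from the paper or from [8]. It computes the exact distribution of the maximum of s iid geometric draws, compares it with the approximation of Theorem 4.1, evaluates Corollaries 4.2 to 4.4, and verifies the inequality of Lemma 4.5 exactly for two truncated geometric variables that this example assumes to be independent; s is assumed to be a power of two.

```python
import math
from fractions import Fraction

def p_max_below(s, l):
    """Exact P[Max_s beta_i < l] for s iid draws with P[beta_i = l] = 2**-l."""
    if l <= 1:
        return 0.0                      # every draw is at least 1
    return (1.0 - 2.0 ** (1 - l)) ** s  # P[beta_i < l] = 1 - 2**(1 - l)

def p_max_at_least(s, l):
    return 1.0 - p_max_below(s, l)

def p_max_equal(s, l):
    return p_max_below(s, l + 1) - p_max_below(s, l)

def theorem_4_1_approx(x):
    """Right-hand side of Theorem 4.1: 1 - exp(-2**(1 - x))."""
    return 1.0 - math.exp(-(2.0 ** (1 - x)))

def approximation_error(s, xs):
    """Largest gap between the exact tail and the approximation over xs."""
    log_s = round(math.log2(s))
    return max(abs(p_max_at_least(s, log_s + x) - theorem_4_1_approx(x))
               for x in xs)

def check_corollaries(s):
    log_s = round(math.log2(s))
    return {
        # Corollary 4.2, stated on the complement to avoid rounding near 1.
        "4.2": p_max_below(s, log_s - 4) <= math.exp(-32),
        "4.3": p_max_at_least(s, log_s + 8) <= 0.01,
        "4.4, l = 0": p_max_equal(s, log_s) >= 0.17,
        "4.4, l = 1..5": all(p_max_equal(s, log_s + l) >= 0.01
                             for l in range(1, 6)),
    }

def truncated_geometric_pmf(cap):
    """P[beta = l] = 2**-l for l < cap; the remaining tail mass sits on cap."""
    pmf = {l: Fraction(1, 2 ** l) for l in range(1, cap)}
    pmf[cap] = 1 - sum(pmf.values())
    return pmf

def lemma_4_5_holds(pmf_b, pmf_a):
    """Exact check of P[B > x | B < A] <= P[B > x] for every x, with B and A
    independent (assumption of this example) and integer valued."""
    joint = {(b, a): pb * pa
             for b, pb in pmf_b.items() for a, pa in pmf_a.items()}
    p_cond = sum(p for (b, a), p in joint.items() if b < a)
    for x in range(0, max(pmf_b) + 1):
        lhs = sum(p for (b, a), p in joint.items() if x < b < a) / p_cond
        rhs = sum(p for b, p in pmf_b.items() if b > x)
        if lhs > rhs:
            return False
    return True

if __name__ == "__main__":
    for s in (64, 1024, 2 ** 20):
        print(s, approximation_error(s, range(-4, 9)), check_corollaries(s))
    print(lemma_4_5_holds(truncated_geometric_pmf(7),
                          truncated_geometric_pmf(7)))
```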



